As more and more computers and other computing devices are interconnected through various networks such as the Internet, computer security has become increasingly important, particularly with respect to invasions or attacks delivered over a network or over an information stream. As those skilled in the art will recognize, these attacks come in many different forms, including, but certainly not limited to, computer viruses, computer worms, system component replacements, denial of service attacks, even misuse/abuse of legitimate computer system features—all of which exploit one or more computer system vulnerabilities for illegitimate purposes. While those skilled in the art will realize that the various computer attacks are technically distinct from one another, for purposes of the present invention and for simplicity in description, all malicious computer programs will be generally referred to hereinafter as computer malware or, more simply, malware.
When a computer is attacked or “infected” by computer malware, the adverse results are varied, including disabling system devices; erasing or corrupting firmware, applications, or data files; transmitting potentially sensitive data to another location on the network; shutting down the computer; or causing the computer to crash. Yet another pernicious aspect of many, though not all, computer malware is that an infected computer is used to infect other systems.
FIG. 1 is a pictorial diagram illustrating an exemplary networking environment 100 over which a computer malware is commonly distributed. As shown in FIG. 1, the typical exemplary networking environment 100 includes a plurality of computers 102-108 all inter-connected via a communication network 110 such as an intranet or via a larger communication network including the global TCP/IP network commonly referred to as the Internet. For whatever reason, a malicious party on a computer connected to the network 110, such as computer 102, develops a computer malware 112 and releases it on the network. The released computer malware 112 is received by and infects one or more computers, such as computer 104, as indicated by arrow 114. As is typical with many computer malware, once infected, computer 104 is used to infect other computers, such as computer 106 as indicated by arrow 116 that, in turn, infects yet other computers, such as computer 108 as indicated by arrow 118. It should be appreciated that the malware 112 may be directed to any one of the computers 104-108 as a result of a request initiated by the computer 102. Clearly, due to the speed and reach of the modern computer networks, a computer malware 112 can “grow” at an exponential rate and quickly disrupt communications between organizations and people.
When a new malware is identified as spreading on a communication network such as the Internet, different software providers initiate a process for handling the malware. More specifically, at least two software providers typically create software updates when new malware is identified. One software provider is an antivirus software provider that creates a software update designed to identify the new malware and remove the malware from a computer. Those skilled in the art and others will recognize that a traditional defense against computer malware, and particularly computer viruses and worms, is antivirus software, which typically scans data that is transmitted to a computer, searching for identifiable patterns, referred to as signatures, which are associated with known malware. If a malware signature is identified, the antivirus software takes appropriate action, such as deleting the malware/infected file or removing the malware from an infected file. However, existing antivirus software does not provide software updates that are designed to close the vulnerability exploited by the malware to infect one or more computers. As a result, a computer may become reinfected with the malware, in some instances, even though antivirus software on the computer is “up-to-date” with the most recent software updates.
Another software provider that typically creates software updates when a new malware is identified is an operating system provider. While most malware released today are based on known vulnerabilities, occasionally a computer malware is released that takes advantage of a previously unknown vulnerability. In this instance, the operating system provider creates a software update, commonly known as a “patch,” that is designed to close the vulnerability exploited by the new malware. By installing a patch designed to close the vulnerability, the computer is protected against being infected with the malware.
Providing adequate protection against malware includes installing updates to antivirus software and operating system patches designed to prevent the malware from infecting a computer. However, users often leave computers exposed to malware even in instances when software updates would protect the computers. For example, some users mistakenly believe that antivirus software will protect a computer from being infected with malware in all instances. However, computers with “up-to-date” antivirus software are frequently infected with malware if a patch designed to close the vulnerability exploited by the malware is not installed.
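The gap described above, where antivirus signatures are current but the exploited vulnerability remains open, can be checked across a host inventory. The following is an added example, not part of the original text; the host names, threat labels, signature version numbers and patch identifiers are constructed placeholders.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Threat:
    name: str             # constructed malware label
    min_sig_version: int  # first signature release that detects it (assumed)
    patch_id: str         # placeholder id of the patch closing the vulnerability

@dataclass
class Host:
    name: str
    sig_version: int                          # installed antivirus signature release
    patches: set = field(default_factory=set) # installed operating system patches

def assess(host, threat):
    """Classify one host against one threat by both update channels."""
    detects = host.sig_version >= threat.min_sig_version
    patched = threat.patch_id in host.patches
    if patched and detects:
        return "protected"
    if patched:
        return "patched-no-signature"  # vulnerability closed, malware not identifiable
    if detects:
        return "reinfection-risk"      # malware removable, vulnerability still open
    return "exposed"

def audit(hosts, threats):
    """Return (host, threat, status) for every pairing that is not fully protected."""
    return [(h.name, t.name, status)
            for h in hosts for t in threats
            if (status := assess(h, t)) != "protected"]

# Constructed sample inventory and threat records.
THREATS = [Threat("EXAMPLE-WORM-A", 120, "PATCH-0001"),
           Threat("EXAMPLE-VIRUS-B", 135, "PATCH-0002")]
HOSTS = [Host("ws-01", 140, {"PATCH-0001", "PATCH-0002"}),
         Host("ws-02", 140),                  # up-to-date antivirus, no patches
         Host("ws-03", 100, {"PATCH-0001"}),
         Host("ws-04", 100)]

if __name__ == "__main__":
    for host, threat, status in audit(HOSTS, THREATS):
        print(f"{host:6} {threat:16} {status}")
```

Host `ws-02` is the case the text warns about: its signatures detect both threats, yet it is flagged because neither patch is installed.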